[***]            Summary:            [***]

4 new Open, 33 new Pro (4 + 29). SystemdMiner, Almashreq, FolderLock, Pterodo, Various Phishing

[+++]          Added rules:          [+++]

Open:

2027351 - ET TROJAN ELF.SystemdMiner C2 Domain in DNS Lookup (trojan.rules)
2027352 - ET TROJAN ELF.SystemdMiner C2 Domain in DNS Lookup (trojan.rules)
2027353 - ET TROJAN MSIL/Almashreq CnC Checkin (trojan.rules)
2027354 - ET TROJAN MSIL/Almashreq Executing New Processes (trojan.rules)

Pro:

2836289 - ETPRO MOBILE_MALWARE Android/Hiddad.VP Checkin (mobile_malware.rules)
2836290 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.kn Checkin (mobile_malware.rules)
2836291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-13 1) (trojan.rules)
2836292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-13 2) (trojan.rules)
2836293 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-13 3) (trojan.rules)
2836294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-13 4) (trojan.rules)
2836295 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-13 5) (trojan.rules)
2836296 - ETPRO TROJAN MSIL.FolderLock Stealer Password Exfil via SMTP (trojan.rules)
2836297 - ETPRO TROJAN Win32/Pterodo.NG Checkin 3 (trojan.rules)
2836298 - ETPRO USER_AGENTS Observed Suspicious UA (sinstall) (user_agents.rules)
2836299 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836300 - ETPRO TROJAN MSIL/TekaCore Miner Checkin (trojan.rules)
2836301 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish 2019-05-13 (current_events.rules)
2836302 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish 2019-05-13 (current_events.rules)
2836303 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-05-13 (current_events.rules)
2836304 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-05-14 (current_events.rules)
2836305 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14 (current_events.rules)
2836306 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-05-14 (current_events.rules)
2836307 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-05-14 (current_events.rules)
2836308 - ETPRO CURRENT_EVENTS Successful MyTelenor Phish 2019-05-14 (current_events.rules)
2836309 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) 2019-05-14 (current_events.rules)
2836310 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14 (current_events.rules)
2836311 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2019-05-14 (current_events.rules)
2836312 - ETPRO TROJAN Inbound PowerShell Starting Process from Windows Temp Directory (trojan.rules)
2836313 - ETPRO TROJAN PS/CoinMiner.QO WMI Persistence Setup Script Inbound (trojan.rules)
2836314 - ETPRO TROJAN PS/CoinMiner.QO Sending Infected System Data to CnC (trojan.rules)
2836315 - ETPRO TROJAN PowerShell Downloader with Mimikatz Payload Inbound (trojan.rules)
2836316 - ETPRO USER_AGENTS Win32/Agent.ZJK User-Agent Observed (user_agents.rules)
2836317 - ETPRO TROJAN Win32/Remcos RAT Checkin 99 (trojan.rules)

[///]     Modified active rules:     [///]

2027342 - ET TROJAN Observed Malicious SSL Cert (MirrorThief CnC) (trojan.rules)
2027343 - ET TROJAN MirrorThief CnC Domain in DNS Lookup (trojan.rules)

Date: Monday, May 13, 2019 - 22:00